Update: The vulnerability is in Java 1.7, which almost no Mac users are running (you’d need to update to 1.7 manually).
In what seems like a flashback to a couple of months ago, several security experts are now warning folks about a new Java 7 exploit that is said to be super dangerous for Mac owners. As Metasploit’s Tod Beardsley told ComputerWorld, the bug can be exploited through any browser (including browsers on Windows and Linux) on a machine that has Java installed.
Beardsley called the bug “super dangerous,” noting that it was “totally a drive by,” meaning that attackers could compromise a Mac, or other personal computers, simply by duping users into browsing to a malicious or previously-hacked website that hosts the attack code.
The unpatched bug can even be found on Mountain Lion, Apple’s latest operating system, but Apple stopped bundling Java in 2011 when it began shipping Lion. For users on Lion and Mountain Lion who have Java installed, the operating system asks whether they would like Java to run, so most should be in the clear. The situation is particularly dangerous for Snow Leopard and Leopard users, because they do not have the same safeguards.
In April 2011, a similar situation arose. The exploit, dubbed “Flashback,” infected over 100,000 machines until Apple addressed it with a software update and removal tool.
The best piece of advice: Uninstall Java and stay away from websites that look suspicious. Running OS X without Java is sounding better all the time.